The Problem with RELRO/ASLR in Statically-Linked Executables or Lack Thereof

The Problem with RELRO/ASLR in Statically-Linked Executables or Lack Thereof(leviathansecurity.com)

2 points by alyptik 7 years ago | 1 comment

wahern 7 years ago |

AFAICT OpenBSD already does RELRO (inc. GOT RELO) and ASLR for static PIE, and has for several years. (Maybe since 2015?)

I think it was around that time that OpenBSD added the kbind(2) system call, which atomically copies data into otherwise non-writeable pages. This permits lazy binding without marking executable pages temporarily writable (W^X can't normally be disabled by programs). And kbind has special mitigations to prevent its use from ROP gadgets.

Also, it appears Rich Felker (of musl libc) did some static PIE work for Linux (presumably Linux/musl?).

  https://www.openwall.com/lists/musl/2015/06/01/12

I wonder if that work went anywhere.